diff options
| author | Franck Cuny <franck@fcuny.net> | 2022-02-13 11:00:40 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2022-02-13 11:03:13 -0800 |
| commit | 2e8aebc44a2e302028e5d26d75a608a3449074d6 (patch) | |
| tree | 8e5810c846d217c1a2018e43b9da27d9b9ede71a /hosts/carmel | |
| parent | desktop: gnome related things (diff) | |
| download | world-2e8aebc44a2e302028e5d26d75a608a3449074d6.tar.gz | |
hosts: decrypt root disk via ssh on boot
Diffstat (limited to 'hosts/carmel')
| -rw-r--r-- | hosts/carmel/default.nix | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix index 9abd61a..bdc43f5 100644 --- a/hosts/carmel/default.nix +++ b/hosts/carmel/default.nix @@ -11,10 +11,31 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.initrd = { + luks.devices."system".allowDiscards = true; + network = { + enable = true; + postCommands = '' + echo "cryptsetup-askpass; exit" > /root/.profile + ''; + ssh = { + enable = true; + port = 2222; + hostKeys = [ + /etc/ssh/ssh_host_ed25519_key + /etc/ssh/ssh_host_rsa_key + ]; + authorizedKeys = users.users.fcuny.openssh.authorizedKeys.keys; + }; + }; + }; + time.timeZone = "America/Los_Angeles"; services.xserver.dpi = 168; + hardware.opengl.driSupport = true; + # Use systemd-networkd for networking systemd.network = { enable = true; |